ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (3): 569-582.doi: 10.7544/issn1000-1239.2021.20200448

Previous Articles     Next Articles

A Method for Joint Detection of Attacks in Named Data Networking

Wu Zhijun, Zhang Rudan, Yue Meng   

  1. (College of Electronic Information and Automation, Civil Aviation University of China, Tianjin 300300)
  • Online:2021-03-01
  • Supported by: 
    This work was supported by the Joint Funds of the National Natural Science Foundation of China and Civil Aviation Administration of China (U1933108), the Scientific Research Project of Tianjin Municipal Education Commission (2019KJ117), and the Fundamental Research Funds for the Central Universities (3122020076, 3122019051).

Abstract: The interest flooding attack (IFA) and conspiracy interest flooding attack (CIFA) are typical security threats faced by the named data networking (NDN). Aiming at the problem that existing detection methods cannot effectively identify the attack types due to single detection features and the detection rate is not high enough, this paper proposes a method based on association rule algorithm and decision tree algorithm to detect attacks in NDN. First of all, by extracting the data information in the content cache (CS) of NDN routing node, the new detection feature “CS packet growth rate” in CS is mined. It is found in the experiment that “cache growth rate” is a favorable basis for distinguishing attack types. Secondly, association rule algorithm is used to combine the new detection feature with multiple detection features in pending interest table (PIT) to find the correlation between each feature. After preprocessing the output results of multiple association rules, they are used as input into the decision tree as a training set. Finally, the detection model generated by the decision tree algorithm is used to detect the attack. This method uses decision tree algorithm and association rule algorithm to jointly detect attacks in NDN, which not only avoids misjudgment caused by single detection features, but also enriches the classification attributes of decision trees. The simulation results show that this method can accurately distinguish and detect IFA and CIFA and improve the detection rate.

Key words: named data networking (NDN), interest flooding attack (IFA), conspiracy interest flooding attack (CIFA), association rules, decision tree

CLC Number: